NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Monitoring user logins via unsecure Wi-Fi networks

Anticipating the gov requiring anyone using https/ssl products "internally" to "also" apply for an ERN CCATS number.
The LAW just changed on June 2010 and can expect more additions to it, as all gov(s) pass laws to gain ultimate control for all types of communications and transactions in their country.


On Mon, Oct 25, 2010 at 12:14 PM, Lauren Weinstein <lauren@vortex.com> wrote:

Monitoring user logins via unsecure Wi-Fi networks

http://bit.ly/cVyYrK Â (Techcrunch - "An AOL Company")

The existence of the exploit ("Firesheep") described at
http://bit.ly/d7nPNH Â(Code Butler) should surprise nobody.

The browser plugin "workaround" described at the Techcrunch/AOL link
is useful as a transitional tool in the absence of integral crypto
protection, but what percentage of vulnerable users will be using it
in the long run?

Unsecured Wi-Fi is ... unsecure. ÂUnless end-to-end connections (wired
and wireless) are protected by strong encryption (and that does not
necessarily means SSL/TLS within the current certificate-based PKI
with all its problems) users will be increasingly vulnerable.

I'm now waiting for the privacy commissioners and other parties who
have had such a field day crucifying Google over *accidental* Wi-Fi
payload data collection to take a similar hard line against Firesheep
and the multitude of other purpose-built Wi-Fi payload monitoring tools
available for all manner of applications both fair and foul.

Lauren Weinstein (lauren@vortex.com)
Tel: +1 (818) 225-2800
Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org
Co-Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org
Founder, GCTIP (Global Coalition for Transparent Internet Performance):
Founder, PRIVACY Forum: http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://bit.ly/lauren-buzz